In this first of a two-part series -- Does Software Security Pay? -- we’ll discuss how Heartland Payment Systems in Princeton, New Jersey has leveraged software-assurance practices and HP Fortify to drive value within its IT organization -- and improve their overall business performance.

Join us now, as Ashwin Altekar, Director of Enterprise Risk Management at Heartland, shares his insights and knowledge with Amir Hartman, the Founder and Managing Director at MainStay, a marketing and IT advisory services firm in San Mateo, California.

We’ll
learn how Heartland has improved results in innovative ways across the
organization thanks to both security best practices and tools. With
that, please join me now in welcoming our moderator, Amir Hartman.

Amir Hartman: Good morning, Dana. Thanks
for having us, and I'm really excited about the program today. We have a two-part series, as you indicated, and the research that we did found
some very interesting results from the companies that we interviewed.

We found three main benefits to employing and institutionalizing a strong software security-assurance
program with supporting tools. One was a saving that organizations are
seeing. Second, it’s a risk-management benefit to the organization.
Last, we actually saw some revenue protection benefits as well.

So
I'm pretty excited to have Ashwin on the call today and have Ashwin
share with us his experiences in deploying HP Fortify solutions and these
practices within Heartland. Why don’t we start? Ashwin, could you give
us a little bit of background, a little bit about yourself, and then
segue for us into the software security landscape at Heartland?

Ashwin Altekar:
Sure. I’m the Director of Enterprise Risk Management at Heartland. I've
been working in information security for over a decade and have spent a
large portion of my time performing application penetration tests and
managing software-assurance efforts.

At Heartland, we
take software security very seriously. We strive to be the trusted
transaction provider, the trusted partner of the large number of
merchants who depend on our payments and payroll services. With
application security being such a large vector for attack, we’re very
aware of the multiple controls necessary to keep our customers’ data
secure.

We lean quite heavily on Fortify, first to understand, and then improve, our level of software assurance.

Previous scenario

Hartman:
Let's take people back a little bit. Could you describe for us what the
software-security scenario was like at Heartland before
institutionalizing some of these practices and before implementing and
rolling out Fortify.

What did things looked like before? Then, talk to us about why you went in a new direction.

Altekar:
Prior to Fortify, or any automated tools, we relied mostly on manual
inspection by developers using common security guidelines like the Open Web Application Security Project (OWASP) or assessments done by third parties.

As our enterprise grew, it became harder and harder
to be confident in our application-security posture with just manual
inspection by development teams. Software assurance is very important to
us, not just finding vulnerabilities, but understanding what percentage
still remains. With manual efforts, there was just too much to do and
not enough time.

Hartman:
I would imagine that with the space that Heartland plays in, obviously
these issues are quite sensitive. And if you look at the marketplace,
you’re seeing this explosion of mobile devices and mechanisms by which
consumers are transacting. It makes this issue even more front and
center.

Altekar: Absolutely. Our primary product
or service of facilitating transactions is provided through software.
So Fortify is definitely a key product that helps us position ourselves
as a secure company. And to do so, we need to understand what security
issues we have in our software.

Hartman:
Ashwin, talk to us a little bit about the implementation itself, just
some interesting facts. Then, if you could, segue into the impact that
you’ve seen it have on the organization. What are some of the benefits
that you've been able to deliver to the organization and to its
customers through institutionalizing these practices and tools?

Altekar:
At Heartland, we risk-rank our numerous applications and have various
requirements on what each development team has to do to meet internal
requirements.

One of our basic requirements is that
all software applications be scanned using Fortify. From the
information-security perspective, that has allowed us to understand what
it is that we’re up against when we talk about software-security
assurance. So, a large challenge is trying to figure out what it is we
don’t know. Fortify allows us to quantify our level of effort and get
the attention software security requires.

Also, we've
been able to show the successes of many teams that embrace Fortify.
They’ve been able to do more and learn more about software security in
much less time.

Similar results

Hartman:
In the research that we did, we found similar results. We found quite a
number of organizations that were able to reduce the amount of time the
developers were spending identifying and remediating. Because of the
automated mechanism, they focused their attention on developing new
value-add applications.

It's reallocating their time.
It’s not that this stuff isn’t important. Obviously it's essential, but
if we've got a way to do this faster and then focus the developers’
attention on different areas that are more value add, that was a big
win. I don’t know if that’s something similar what you’re finding as
well, as developers are making it part of their DNA.

Altekar:
We absolutely do find that. There’s an old expression for spell check
that if you see the correct spelling seven times, you would finally get
it right on the eighth.

Our developers are bit quicker
in learning about security best practices, but Fortify allows us to do a
very similar type of reinforcement when it comes to specific
software-security issues. They’re able to see the right way to do secure
development through Fortify and then learn from that.

They’re able to see the right way to do secure development through Fortify and then learn from that.

Hartman:
Let's shift gears a little bit here, Ashwin. Some of the things we
noticed were a little bit unexpected. When we went into the study trying
to figure out how companies are benefiting from effective software
security practices, we were going in with certain assumptions.

One
of the assumptions was that some of these automated tools and practices
are going to obviously save time and save money on the developer side.
Certainly, if I can address and remediate things early in the
development cycle, that’s going to save me a tremendous amount of
resources and money, versus down the road in post production.

But
there were a couple of areas that we found in terms of benefits that
companies were experiencing that were a little bit unexpected, and there
were some innovative uses.

Can you share with us a
little bit from your perspective, and from Heartland's experience, some
of the more innovative uses of these practices and Fortify related to
software assurance?

Altekar: We provide broad
warnings about software security issues in general at the enterprise
level, and Fortify allows us to really target our training efforts on
the issues we see at the project level.

We can discuss
those specific topics with the development teams when we interact with
them and we can even point out the specific remediation tips within
Fortify. That’s very helpful.

Secure development

Something
else we’re looking to roll out right now is how we can visualize the
different development teams and how they compare to each other in terms
of software security. So we’re looking to see if we can incentivize
secure development even before a line of code has been written.

Through
some minor gamification, leveraging Fortify statistics between the
various development teams here at Heartland, we hope to better train
developers and, in turn, improve the overall development productivity.

There’s
another interesting use that we have. At Heartland, from time to time,
we acquire various companies or seek to be partners with them. During
the evaluation phase, often we’ll use HP Fortify to determine the amount of
work that we may need to do to get the acquired software into a
production-ready state.

That has been helpful sometimes
in negotiating the acquisition price or making sure that we factor that
in and do and appropriate level of due diligence ahead of time.

When you start articulating and dictating to developers things that they should do, the reaction isn’t always positive.

Another
common scenario for us is that we’re able to understand the quality of
any third-party developers that we contract with and we can force strict
standards on what secure development means.

Traditionally
we enforce security through a legal contract that says the third party
has to follow secure coding guidelines based on best practices, but with
the implementation of Fortify we can say that they have to have a clean
Fortify scan prior to finalizing a certain amount of work.

Lastly, our secure software development lifecycle (SDLC)
process, which includes Fortify, signals to our partners -- especially
our partners that value security -- that we’re very serious about
software security and that we take a lot of the right steps, if not all
the right steps, doing whatever we can to understand our vulnerabilities
in software and to eliminate them.

Hartman: I
love those examples. The healthy competition between the developers is a
great idea. Perhaps it's a little bit melodramatic, but we hear a lot
of this. When you start articulating and dictating to developers things
that they should do, the reaction isn’t always positive.

These
are folks who think they’re developing great code and they’re quite
independent. So, thrusting upon them new ways of doing things sometimes
can be met with some resistance. But that notion of healthy competition
and gamification between groups is a great idea.

And
your point about leveraging these capabilities and these tools in the
acquisition process is something that we’ve heard. When we did this
study three years ago, that was something that one or two companies were
leveraging. Your example is great.

Leveraging practices

It's
not necessarily acquiring companies. It could be the acquisitions of
certain technology and software assets, websites for example. Those
things are ripe for leveraging these kinds of practices and tools. So
that’s great example.

Let's move on to more insight on
how this has differentiated, or been used to differentiate, Heartland.
Obviously, in the space that you play in, security is at a premium, as
is being able to ensure your customers that you've got a terrific
approach. Can you talk to us about that in terms of whether this
capability helps you differentiate in the marketplace?

Altekar:
As I'm sure you know, security is more important than ever in our
customers’ minds. When it comes to transactional security, we've heard
of a few high-profile reports about payment security and breaches
lately. That has really raised awareness and that’s great, especially
since many of Heartland’s products and services focus on security.

Confidence
in the quality and security of our software product is absolutely a
differentiator. It allows our customers to focus on their business
without having to worry about technical security issues in their
day-to-day operations.

Having trust in a brand, having trust in a company and its products and services, is very important for our customers.

Having
trust in a brand, having trust in a company and its products and
services, is very important for our customers, and our secure SDLC
allows us to articulate why it is they should have that confidence in
us.

We can tell them that we have secure development
training, we have a static source code analyzer, we use dynamic tools,
we have manual inspection, we have third-party assessments. These are
all things that especially our larger customers appreciate. They
understand that this is what you need to do in today’s day and age to
have secured products.

We’re able to elaborate on the
multitude of things that we do, and many of our partners are very
thrilled to partner with us because of that.

Hartman:
That’s well said. Ashwin. Think a little bit for me around what it took
to institutionalize some of these practices. You mentioned a little bit
earlier about the use of gamification and healthy competition among
development groups, but institutionalizing effective software-assurance
practices is easier said than done.

Can you help us
understand what were some of those key factors throughout this journey,
and it is a journey? It's not just one quick little implementation and
then you are off and running. It's definitely a journey from the
customers we've talked to. What are some of those key success factors in
institutionalizing such tools and practices across an
organization?

Changing variables

Altekar:
Journey is a great word for it. There have been so many times when I
thought that we were finally at a place where we need to be, and then,
one of the variables changed.

The first thing that you
can do is be very clear about what development teams need to do for
internal compliance when it comes to software assurance. That could mean
setting specific metrics or making sure that they have well defined
processes. But whatever is right for your organization, you have to
repeat that message often.

I used to think that I was
just constantly talking about security, and everyone was tired of it,
but one of the key lessons I learned was that it's impossible for you to
repeat that message too often. So be very clear about what it is you
want them to do and say it often to anyone who will listen.

The
second is to make it easy. Make it very simple for various development
teams that integrate into your software assurance processes. So
understand the challenges that individual teams face in implementing
security during the development life cycle. One team’s problem, if they
are doing an agile development process versus waterfall, could be very
different depending on those scenarios.

The key success factors are just to be clear about the message, make it
easy for people to integrate, and then measure how well everyone is
doing.

Make sure you understand their challenges,
whether it's process, time, or the right tools, and make sure that
you’re able to solve for those. Thankfully, for us, Fortify has been
very easy to integrate into the IDE. We've been able to automate with
it, so it's been flexible in a number of different scenarios for us.

Finally,
quantifying, measuring progress over time. It's very easy to sit back
and say, “These guys implement Fortify” or “We have manual tests for
them” or “They take all the required training,” but it's great to
quantify each, so that you provide feedback to senior management and
talk about many of the success stories.

If you can
provide quantitative information and share those success stories
everywhere throughout the organization, you’re able to reward everyone’s
efforts. In summary, the key success factors are just to be clear about
the message, make it easy for people to integrate, and then measure how
well everyone is doing.

Hartman: That’s a great
summary, and last one, especially to your point, sounds easy. It's not
that trivial of an activity. It's being able to communicate to
leadership as well as to the troops.

Leadership,
especially in a set of measures or metrics that resonate with them, is
not an easy task. There are a lot of activities that get done as far as
software security and software assurance practices go, but translating
that into a language that a senior business leader is going to
understand is not an easy task. That’s a very good point.

A
couple of last questions for you. If you could take a look back for us
with this journey and when it started and the success you've had, is
there anything you would do a little differently?

Be repetitive

Altekar:
One of the things I already mentioned was to be repetitive about the
importance of software security and what needs to be done. There is
always someone who hasn’t heard that message, and it's important for
them to hear it as well.

The other thing is that it's
okay to be a bit more realistic in what an organization can do. Just
because there's lots of security work ahead of you, it doesn’t mean that
the organization is able to get it all done immediately.

So
it's important to create realistic goals and time frames that the
organization can meet, versus trying to get everything done all at once.
It changes from organization to organization on what that means, but
I've learned to have realistic goals, rather than ideal goals.

Hartman: The goal-setting and the expectations and constant communication of reinforcing of those goals is definitely critical.

Going
forward then, what's next for Heartland and specifically in this space?
Can you paint us a picture for what's next in the horizon from an SSA
standpoint, let's say, the next 12 months or so?

My next goal is to combine all our different tools and get even more value out of them running in sync with each other.

Altekar:
I'm really excited for the next year at Heartland. We’re at a place
where we have many of the right tools. We have many of the right
controls at the right time during the software development lifecycle.

My
next goal is to combine all our different tools and get even more value
out of them running in sync with each other - trying to add one and one
to get three, versus just the two that we have today.

Going
forward, I’d really like to continue to automate and leverage the
individual tools and get them working together so that we get, one,
richer information about our security posture, but two, to get more
actionable and precise information on what various development teams
need to do, or what the security team needs to do to better support
software assurance efforts.

Hartman: Ashwin, I
really appreciate your sharing this with us. You have a lot of great
insights. Obviously, as you pointed out, this is very much a journey.
It's not something that’s a week, month, or multi month effort. It's
constantly changing and morphing. Again, your insights were very, very
valuable and I appreciate them. So, back to you, Dana, on this one.

Gardner:
Thanks, Amir. You've been listening to the first in a two-part
sponsored series -- Does Software Security Pay? -- examining how
Heartland Payment Systems has leveraged software assurance best
practices and HP Fortify tools to drive value inside the organization
and improve their overall business performance.

Gardner:
And also, a big thank you to our special guest, Ashwin Altekar, Director of Enterprise Risk Management at Heartland Payment Systems.
Thank you so much, Ashwin.

Altekar: Thank you.

Gardner:
I'm Dana Gardner, Principal Analyst at Interarbor Solutions, your host
for this on going sponsored discussion of IT Innovation and how it's
making an impact on people’s lives. Thanks again, for listening and come
back next time.

Listen to the podcast. Find it on iTunes. Download the transcript. Sponsor: HP.Transcript of a BriefingsDirect podcast on how HP Fortify has helped
one company improve their software security practices. Copyright
Interarbor Solutions, LLC, 2005-2014. All rights reserved.

Dana Gardner: Hello, and welcome to a special BriefingsDirect podcast series coming to you from the recent 2014 Ariba LIVE Conference
in Las Vegas. We’re here the week of March 17 to explore the latest in
collaborative commerce and to learn how innovative companies are tapping
into the networked economy.

Our
next interview examines the Ariba product roadmap for 2014 and beyond.
We’ll now learn more about the recent news at Ariba LIVE and also what to
expect from both Ariba and SAP Cloud in the coming months.

To hear more about Ariba’s product and services roadmap, please join me in welcoming Chris Haydon, Senior Vice President of Solutions Management for Procurement, Finance and Network at Ariba, an SAP company. Welcome, Chris.

Chris Haydon: Thanks, Dana. Good to be here.

Gardner: Before we get into the news, what’s changed in this business-network market and the community around it the past year? What are you hearing from customers? What’s shifted since we spoke last?

Haydon:
At the baseline, there’s a lot more interest. People are just starting
to really understand what business networks really mean.

In some of the conversations coming through, large corporate enterprise buyers are really looking for a single hole through the firewall,
if you like. They’ve done some great work in optimizing their internal
business processes, but they really understand that the next
undiscovered country is in collaborating with their suppliers.

But it’s not just their suppliers. It’s payment providers, logistics providers, and a whole heap of supply-chain
stakeholders. We’re seeing that larger conversation over not just a
single business process, but a holistic business-process view.

I
think the other really interesting thing isn’t a trend. It's probably a
confirmation of what we already knew, particularly in the southern
hemisphere. Mobile is on the increase and is now bypassing of the laptop, specifically in some emerging markets.

They’re the two macro trends that we are seeing that are manifesting themselves in our new business acquisitions.

Mingling with others

Gardner: So “mobile first”
is really important, as is this notion of a boundaryless organization.
You don’t just exist as an island. If you’re going to be really adept
and productive and develop some of the great insights you can through
data, you need to allow your borders to mingle with others.

Haydon:
That’s right. And it’s a network effect as well. People don’t want to
do all the heavy lifting themselves. They’re really starting to
understand that there is the network here. I can adapt, not adopt, so to
speak, and really accelerate the business by leveraging the existing
community.

Gardner: What about technology? Have
there been any technology shifts that we’ve had in the past year that
have enabled some new and interesting things at the business networks
and applications level?

Haydon: We’re in the
early stages of redoing parts of our technology to take advantage of
where the growing trend is going to come. We spoke about mobile, but
it’s not just mobile. It's more about user experience and how we focus
specific use cases on where an improved screen, an improved device, or
both makes sense in the user context. That’s a really big change for us
as well.

We’ve spent the last 12 months, and we will
spend a good part of the next 12 months, rebuilding the platform to
really be able to take advantage of these larger trends around real-time
analytics, big data, and all that, but translating that into actual actionable use cases.

Gardner: What are the highlights for you at Ariba LIVE 2014?

We have some amazing customers, and the adoption of our customers is just superb for us.

Haydon:
There are so many. First, there’s another record turnout. We have some
amazing customers, and the adoption of our customers is just superb for
us. We want to drive more value into both the buyers and the sellers.

There are some pretty interesting announcements that we’re doing. We announced AribaPay
last year, and we are happy to announce this year that that’s well on track. We’re going to be doing more on AribaPay, but this is really
transforming the B2B
payment space and leveraging that. We want to bring the payment process
within the visibility and the view of the network. We think that’s
pretty huge.

Second, you’re going to hear about us
doing more innovation than ever before. We have some significant
investment from SAP, which will translate itself into globalization --
moving into Russia, moving into China -- and into new business
processes, like supply chain and payment, as well as leveraging the
great infrastructure and platform that SAP has in mobile. You’ll see
three to five mobile-centric use cases delivered in Ariba within the
next 12 months.

Gardner: What about the
Ariba-SAP synergy? How has that changed Ariba. It’s been a while now
since the merger and acquisition. What can you tell me about the
relationship and the character of the company?

Embracing the cloud

Haydon: SAP has really embraced the cloud. And it has worked so well in terms of a lot of the cloud DNA that Ariba brings to the table. SAP has truly embraced that.

And
for us within Ariba, there are three or four dimensions. One is
certainly global, and SAP is everywhere. A global sales force and, more
importantly, global know-how is very important.

Number
two is industries. Historically, Ariba was not very industry focused.
Now, with SAP, with their vast industry expertise, it really will enable
us to drive great solutions into specific industries globally.

And
last, but not least, it’s getting access, from a product-management
perspective, to lots of new things to play with and great platform
tools. We have HANA, and we have released some products on HANA starting this weekend.

We’ve seen some really great synergies in the first 12 months and we expect more next year.

We’re
going to continue to do that. We’re going to put the network on HANA,
accelerate that investment in mobile, other aspects on reporting, and
deep integration with the business suite. We’ve seen some really great
synergies in the first 12 months and we expect more next year.

Gardner: Let’s look at this whole spectrum of data and analysis. Data scientists and business intelligence (BI)
professionals have been creating reports and developing the fruits of a
data infrastructure for years, but what we are starting to see now is
the use of analytics and visualizing the analytics.

We’re
giving it to folks down on the line of business, not just at the very
tip of the organization, but throughout the organization. How has this
need and demand for greater data and greater analysis capabilities
translated into what you’re doing at Ariba and SAP?

Haydon:
This is actually part of why people understand the business network and
why the business network is starting to take off. If you think about
what’s so great about SAP/Ariba and our great capability, we have this
great business network, more than 600 billion in spend, and more than a
million suppliers.

I’ll go into technology for a
second. It's the promise of what an in-memory database can give us.
Imagine when we can put all of those transactions in real-time that are
flowing today, imagine when we double it over the next three years or
something like that.

Power of HANA

And
we put that in real time because of the power of HANA, real-time
analytics, whether it's lead time or a moving price average. We won’t
just dish it up in quarterly reports that an executive sees. What if a
supplier is responding to an order confirmation and they can see that
the average lead time has changed? They can take an action and do
something about it to fill their customer’s needs.

What
if you’re a procurement officer and you’re going to do a sourcing
event? You can see that five extra suppliers come on or there is some
problem with your core supplier because they are out of stock. If
there’s a natural disaster hitting, what if you can see that real-time?

That’s
the promise that big data and analytics delivers in something like the
business network, which gives us a holistic view that is unparalleled,
particularly when we are able to marry that with the master data that
exists in the applications or in the enterprise resource planning (ERP) systems.

Gardner:
What strikes me, Chris, about this era is that for so long, companies
relied on their own data and their own analysis. There was really a wall
around the activity with BI.

But now, with things
like third-party networks, like the Ariba Network, they can start to get
data that might be anonymized. Privacy issues have been worked out and
people are allowing data to be shared. That’s where these real insights
are coming. It’s the volume, velocity, and variability of the type of
information.

None of this happens without the appropriate privacy, anonymization, aggregation, and all of that.

So
what comes in terms of a business application benefit? Where are you
driving these visualizations and this data? What can we expect in the
next 12-18 months in terms of analytics meeting business applications?

Haydon: The first one, which we have already announced, is Supplier InfoNet,
which is our HANA-based alerting and supplier information system, which
can also feed in. We’re releasing that and we’ll be building that
integration into our solution set. That’s the first thing.

We’re
kind of feeling our way here, and you brought up an excellent point.
None of this happens without the appropriate privacy, anonymization,
aggregation, and all of that. That’s the given that you have got to work
out first.

But once you have that, we want to look at
point areas to road test what it looks like. Maybe we just show to a
supplier and say, “When you’re responding to an event, your lead time is
x percent slower than all your other competitors.” There’s some peer
pressure, and we’re not sharing anything else, but it actually helps the
salesperson understand where they are.

It’s the same
thing on the buy side. If you confirm that the moving average price of
this commodity in the United States moved by 5 percent, you might want
to consider having a sourcing event. Those are the type of point things.

Most meaningful

The
holistic dashboarding and automated alerts will come. We just want to
work out those flows and what’s most meaningful. That’s where we go back
to the point about the user experience. How do we do that? Do we need
to expose that in a mobile app with an alert, or is that just an icon that pops up on your screen, or both. That’s how we want to intersect the two.

Gardner:
Let’s move into mobile. You mentioned "mobile first." That’s really an
interesting concept, but it seems to me that it's more than just a
screen definition. You really need to rethink processes when you start
to go to that mobile tier and recognize that people are 24x7, regardless
of location, intersecting and interacting with business processes. So
what should we expect from mobile innovation?

Haydon:
I wouldn’t even couch it as “mobile first,” but “mobile as required.”
First and foremost, what we are focusing on for our mobile strategy is,
notwithstanding putting in place, just the core platform to enable it.
When we’re looking to our features that we build in our products, we
want to focus, which, as you were alluding to, is how does the end user
need to consume this information?

If it does make sense
that a mobile device is able to present that, then we’ll do it. We are
not doing it for the sake of having a mobile solution, just to have it
out there. We don’t need to do that.

We want to take a focused approach. We want to embed the mobile
development paradigm within our current development product teams.

Obviously,
some things bubble to the top, approval apps or flipping a purchase
order or a new event, and we will do those. But we want to be quite
systematic in what we’re going to do.

Also, from a
product development sense, we want to take a focused approach. We want
to embed the mobile development paradigm within our current development
product teams.

What does that mean? It means we’re not
going to have a mobile team out on the left, running and building
500-600 apps that they think they should build, and then our core
feature team doing it. We’re going to have our engineers, our product
managers, our quality assurance (QA) people thinking about mobile in parallel with the
screen and how that enhances the customers or the user experience to
deliver the business outcome.

While we might be
somewhat slow compared to others, some competitors are saying they have
20 mobile apps. We think our way is going to deliver better business
outcomes by taking the user experience construct and making that,
whether that’s mobile, analytics, or screen, all in the same context.

Gardner:
I like the idea that it's process first, regardless of the screen, but
this seems to give you an opportunity to move and scale into new regions
in some markets. In China, for example, the smartphone is the primary device and screen.

It
also allows you to scale down smaller businesses. You can run a
business on a smartphone. Why not have cloud business services to
accomplish that? What about that global reach? What do you expect for
the next 12-18 months in terms of expansion vis-à-vis any number of
services, but mobile being part of that?

New data centers

Haydon: A couple of things. Number one, since we first spoke, we announced our first European data center,
and that was commissioned in December. We already have a number of
customers live already. We’re in the process of dealing with that.

We
have also announced data centers in China and Russia for our
applications. So in terms of just global deployment, we’re investing in
data centers which will deal with a lot of the data privacy and
encryption table stakes to even get started.

And then,
just being on the back of SAP is one of the really great synergies that
we get, in that they have in-country local product managers who are
born and bred and live in the jurisdiction to be our proxy customers,
the voice of the customer actually in-country as we look to embed in
there.

Gardner: Into our next subject. What about governance, risk, and compliance (GRC)
topics and issues. It seems that we can’t really divorce concerns about
privacy and security and risk amelioration from business activities,
especially as we consider that boundaryless organization. We want to
expand into new markets and allow enterprises to do more business and
supplier activities across these boundaries.

All decisions -- procurement, supply chain or others -- are made with a risk-management focus.

So how do we think about embedding GRC both as a process and as a technology in the Ariba roadmap?

Haydon:
Ariba had a pretty good legacy of being at the forefront on a lot of
that. Maybe we didn’t give ourselves credit, but for the longest time,
we have had security, privacy, availability, and confidentiality
processes and certifications. Some competitors have one, some
competitors have two or three, but we had five.

We are also payment card industry (PCI)
compliant. That’s a pretty high threshold. I know other companies have
PCI compliance, but I mention those points because that’s part of our
DNA. You have to start thinking about that, you have to understand
enterprise problems and build your operations, your infrastructure, and
your technology around that. We’re in a pretty good state.

Obviously,
these GRC compliance processes are growing. Risk management is like a
new mantra. It's the forefront of anything else.

I
mentioned our data centers. One aspect of dealing with in-country data
privacy, obviously, is having a data center in a jurisdiction. As I
said, we commissioned our European data center. One in Germany is
primary, and there is a failover elsewhere. That should deal with a lot
of EU data-privacy concerns. Then, Russia, China, and so on.

The
second piece that we do have, being as part of SAP, is that SAP has a
very comprehensive GRC process themselves to make sure that they don’t
do business with customers that are on particular restrictions or watch
lists internationally. It's not just the US or the EU, as I understand.
SAP reviews 13 or 14 data sources, not just one or two.

Trading partners

So
we’re bringing those processes into the Ariba Network to make sure that
we don’t do that, but we also notify our trading partners as well, and
that’s part of the value-added service. You may well be doing
transactions or trying to do an event with someone not appropriate from a
risk perspective.

The last piece, a little bit
related to this from the roadmap, is that, in the course of this year,
we’re looking to build out on the Ariba Network support for US public
sector. Once you start into the public sector for business process
transactions, you get a whole heap of compliance issues on encryption,
accessibility, and a couple of other dimensions. Those requirements will
be built into the network and also to our applications over the next 12
and 24 months.

Gardner: Now, back to products
and services. Often, at these Ariba events, and I’ve been at quite a
few, we hear about services that people are familiar with, but there are
layers of new functionality and features. Are there any that pop out in
your mind from 2014 that we should go over and s reflect on as maybe
changing the way people think about doing business vis-à-vis cloud and
vis-à-vis the networked economy?

We said we’re going to do a lot of innovation. We’re going to deliver on that innovation.

Haydon:
Yeah, there are a couple. One is something released in Quarter 4, at
least for our SAP clients. We have native connectivity between the SAP Business Suite and the Ariba Network. You don’t need middleware. It's a downloaded extension pack.

It's
pretty game-changing, when you can download something and an order can
go out of the Business Suite straight to the network natively. Let’s
just remind people of that. That’s pretty nice.

Number
two, we have a lot of new features and products coming out, as we said.
We said we’re going to do a lot of innovation. We’re going to deliver
on that innovation. I’d like to quickly talk about four.

AribaPay, which we touched on, is changing the role of B2B payments on the payment side.

At the top end of the funnel, we are also launching Spot Quote.
This is pretty interesting. Forty percent of procurement activity is on
contract or on catalog. In some industries, it's greater. This Spot
Quote process enables us to take these tactical three bids in a buy from
a buyer programmatically and put that out into the business network to
be bid upon, and we can also identify new suppliers.

What's
exciting about that is lot of process efficiency for buyers, but also
for a seller. Think about this. It's almost like the budgets are already
largely being committed, and they have a close date. It almost drops to
the bottom of the pipeline. That’s pretty nice. It might not be the
biggest deal, but I’ll take it.

Supply chain

We’re
also releasing our first version of the supply chain, focusing
primarily on retail use-case scenarios, working very hard with SAP to
have end-to-end connectivity, and we are very excited about that.

Last,
but not least, services on the network as well, extending a whole new
type of collaborative services for estimate-based services, are going
live.

So we have more innovation. It's supporting both
buyers and suppliers, and going globally, in terms of Russia and China,
and we’ll be adding Brazil and Mexico invoicing as well. So there are a
lot of exciting things on the business network for customers, not only
in the USA, but globally.

We’re also releasing our first version of the supply chain, focusing primarily on retail use-case scenarios.

Gardner:
Well, great. I’m afraid we will have to leave it there. We’ve been
talking about the news here at Ariba LIVE and also what to expect from
both Ariba and SAP in the coming months.

And we have
learned the latest in the way Ariba and SAP are working together helps
innovative companies thrive in the networked economy as they look to be
more data-driven, exploit mobile tier processes, and of course keep
their data and business safe.

So a big thanks to our
guest, Chris Haydon, Vice President of Solutions Management for
Procurement, Finance, and Network at Ariba, an SAP company. Thanks, sir.

Haydon: Thank you.

Gardner: And thanks to our audience for joining this special podcast coming to you from the 2014 Ariba LIVE Conference in Las Vegas.

I’m
Dana Gardner, Principal Analyst at Interarbor Solutions, your host
throughout this series of Ariba sponsored BriefingsDirect discussions.
Thanks again for listening, and come back next time.

Dana Gardner: Hello, and welcome to a special BriefingsDirect podcast series coming to you from the recent 2014 Ariba LIVE Conference
in Las Vegas. We’re here the week of March 17 to explore the latest in
collaborative commerce and to learn how innovative companies are tapping
into the networked economy.

Our next innovator case study focuses on Arlington Computer Products and how they’ve been improving their financial processes and operations using the newAribaPaycloud-based B2B
payment service. We’ll learn how an integrated and on-demand approach
to ordering, billing, and settlement processes between buyers and
sellers benefited Arlington Computer Products.

To
learn more about how agile business services are entering into a new era, please join me in welcoming our guest, Arly Guenther, Chief Executive Officer at Arlington Computer Products in Buffalo Grove, Illinois. Welcome, Arly.

Gardner: Why are companies
seeking to do things differently when it comes to paying and getting
more digital and electronic in how they’re settling out their accounts?

Hofler: Dana, fundamentally, B2B payment is broken, in the sense that it’s very different from consumer
payments. With consumer payments, you have the item that is being
bought, and the information around the payment happens at the same time,
at the point of payment, with the settlement of funds.

With a B2B payment, however, the goods that are
delivered or the service that is performed is done so 45, 60, or 90 days
ahead of when the payment is settled. This disconnect in time between
the information around the payment and the actual settlement of the
payment causes companies to have a very difficult time reconciling
payments that they receive. There’s a lack of remittance information
around the payment, particularly when there are multiple invoices
involved to settle that payment.

You have organizations
that would like to pay with electronic payment because it’s more
secure, cheaper, and faster. But the people being paid, suppliers, are
struggling with that, because it often doesn't contain the information
that they need to settle those funds.

So suppliers
would like to get paid faster and electronically, but they need that
information along with it. There has never been a payment in the B2B
world that tied together net-term payment with all of the information
that's necessary to manage and reconcile that payment. That’s where
AribaPay comes in to try to solve that problem.

Hofler:
Last year, we announced our partnership with Discover and began our
development process and design phase of building out the product. This
year, we’re happy to announce that we've had our first live transactions
between Discover and Arlington Computer Products.

Gardner:
Let’s go to Arly. Tell us a bit about Arlington Computer Products,
about what you do, the size of your organization, and why AribaPay was
interesting to you.

Guenther: Arlington
Computer Products has been in business for 30 years. We’re an IT
solution provider, servicing a broad spectrum of large enterprise
customers. Last year, we did about $130 million in revenue, and we’re
providing best-in-class IT solutions for our customers. So when we see a
best-in-class solution like AribaPay, we really want to embrace it and
use it ourselves.

We’re always looking at our business
trying to get more efficient and drive cost out of our model. Customer
satisfaction is our top priority, but at the same time, we need to be
price competitive. So we’re always looking for innovative solutions,
trying to get more efficient and more productive as an organization.

The
space that we've been in historically has been very manual for us, very
high touch. With AribaPay, we’ve been able to re-architect our
accounting system to use a cloud solution, as opposed to a manual
process.

We’re always looking at our business trying to get more efficient and drive cost out of our model.

As
far as Discover, we've done business with Discover for more than a decade.
They’re an outstanding organization, using best-in-class technology to
drive their business. If you combine that with Ariba, which is a
top-notch software firm, you’re really combining two great
organizations. So we were really comfortable going forward with the pilot.

Gardner:
As Drew pointed out, there are numerous benefits that come with moving
to an electronic-settlement process and using an integrated approach
across the partnership or ecosystem like Discover and Ariba. For you,
Arly, what were the top problems or top issues that you wanted to
resolve by going into this new model?

Guenther:
It has been really a very manual process for us. We would generate an
invoice. We had to put it in an envelope. We had postage expense and
envelope expense. We’d mail the invoice out, sit and wait for a payment,
a check, to come into a lock box. We’d wait for the check to clear so
the funds are available.

If we followed up after 45 to 50
days, we occasionally might find that the customer didn't even receive
the invoice. So we’d have to resend an invoice. It was a high-touch,
manual process. Now it’s an automated process. So there are some big
productivity savings for us.

Ancillary benefits

Gardner:
Arly, while expanding this across more of your accounts, do you see any
ancillary benefits in terms of process refinement, analysis, or productivity
insights? Is there going to be perhaps an additional payback when you
scale this up?

Guenther:
Absolutely. We were in the pilot. As I mentioned, we’ve done business
with Discover for over a decade. They’re a fabulous customer of ours.
We’ve used Ariba with Discover for a number of years, just not AribaPay.
Now, we really want to take it and use it across the board in our
accounting system for our customer base.

Gardner:
Drew, tell us a bit more about AribaPay for those who are intrigued and
want to learn more. What does it actually do? What are some of the
details, and how would you go about bringing this into your
organization?

Hofler: As I said, the fundamental
problem with B2B payment is that disconnect between the information and
settlement of funds. That’s what AribaPay corrects and bridges that gap. On the Ariba Network, our core strength is everything from sourcing
all the way through to the invoice being approved and ready to pay.
That’s all of the information that goes along with the payment. The
invoice, the line items, the purchase order (PO) behind it, even the contract behind is all there and backing up that payment.

AribaPay
then takes it the final step and, in that settlement process, connects a
unique payment identifier with that and connects with the Discover
network to leverage their core strength, which is secure trusted
settlement of funds and the infrastructure to do that.

With AribaPay, the supplier can see where the actual payment is every step along the process

Then,
Discover settles the fund in electronic manner, but that settlement of
funds is now tied together with the information that came behind that
payment. So a supplier receiving a payment through AribaPay can get an
automatic feed into their back-end system or they can come on to the
Ariba Network and see every line item that in the invoice that came
behind that payment.

Hofler: More importantly,
it will highlight if there’s a discrepancy between what they invoiced
and what they were paid. Say they invoiced $100 and they were paid $90
because the buyer disputed an item or they thought the price should be
lower, AribaPay will highlight that with the I-card and tell you exactly
where that discrepancy is, so that suppliers no longer have to search
through and find where the issue is.

Finally, AribaPay
has a very cool feature, we call it track-and-trace for payment. It’s
very much like when you order something online and you get a packaged
shipped to you. You get a tracking number and you can see where that
package is geographically as it comes to your house.

With
AribaPay, the supplier can see where the actual payment is every step
along the process, from the time the payment is approved, to the time
that it gives its execution and the file is sent, to when Discover
debits the buyers bank account, to when they credit the supplier’s bank
account. All the way along the line, they can see every step.

That’s
what it does. It bridges that gap of information, which gives suppliers
the ability now to embrace electronic payments, get paid faster, and
have visibility into it, because they now have all that information that
they need.

Dynamic Discounting

Gardner:
We’re really creating these data rich transactions, where the data
follows a transaction and it allows for a much greater transparency. How
does that line up with other services? I'm thinking
perhaps the Dynamic Discounting at Ariba.
Is there a synergy of any sort between some of these other services and what you can accomplish with
AribaPay?

Hofler: There is a synergy. AribaPay is really that last step in the true P2P process. It is the second "P" in P2P, and it closes that loop and it does so in a way that gives the suppliers a certainty of payment.

With
Dynamic Discounting, it's a great next step. Dynamic Discounting simply
gives the supplier the ability to choose a different date for payment
and offer a discount in order to accelerate that payment.

In
a normal discounting platform, that choice of the supplier will
be sent to the buyers back-end payment system, which will tell them that
the supplier wants to be paid early. That’s the last visibility that
the supplier sees and they just trust that the process will work and the
buyer will then actually pay them at that time and for the amount that
they are expecting.

It adds that extra layer of visibility and certainty to the choice
that they have to get paid. That’s very synergistic with Dynamic
Discounting.

With AribaPay, the discount choice
can be tied directly to the execution of the payment. They can see with
certainty that, yes, the buyer has accepted that; yes, the buyer has now
executed on that. They can see when it's coming. It adds that extra
layer of visibility and certainty to the choice that they have to get
paid. That’s very synergistic with Dynamic Discounting.

Gardner:
Arly, as you’re hearing Drew describe these services and capabilities,
do you think it might alter the way that you relate to your accounts, to
your customers? Is there a value-add with having this visibility,
tracking, and data with the transactions that might allow you to
increase your services? Is this something you can extend back into your
market?

Guenther: Absolutely. From a process
stand point, it's a game changer for us in terms of driving productivity
and improving cash flow. Just like anything else, as you drive down
your selling, general, and administrative expenses (SG and A)
and your own expenses and you get more efficient, you pass those
savings on to the customer. But we’re really a technology company, and
so when we get a best-in-class solution like this, we really want to
maximize the benefits.

Gardner: I know it's
quite early in the game. We've just begun doing transactions but can you
see any metrics of success, any measurement of how this would work? We
are anticipating, as you mentioned, cost savings, but have we put any
numbers to that yet, Arly, or is it too soon?

Guenther:
We’re anticipating a six-figure savings just between handling expenses,
postal expense, and supply expense, but the real wild card is cash
flow. When you improve your cash flow, the opportunity cost on that cash
can be pretty high. So from that standpoint alone, we know it's going
to be in the six figures, but as we free up cash to do other things,
that’s going to make a big difference for us.

Gardner:
Drew, for those interested in learning more, how would they begin?
What's a good way of starting a process where they could begin to
understand and even execute on something like AribaPay?

Lots of information

Hofler: A great place to go to learn more about AribaPay is simply AribaPay.com.
There is a lot of information out there, some data sheets and a form
that they can fill out to learn more information and hear from us.

We
have some value engineering models that can help customers, both buyers
and suppliers, understand how AribaPay can help their business. That
would be great for a start. One other point I neglected to make about
AribaPay is that we've talked a lot about the benefits of suppliers,
which is great.

It's a wonderful benefit for suppliers, but we shouldn’t understate the benefit there is to buyers of
not having to manage bank-account information any more. One of the
benefits of AribaPay in leveraging Discover is Discover’s infrastructure
and network of merchant acquirers and the process of bringing suppliers
on. They’re capturing our bank information managing it, bumping it up
against all the asset control checks, all of the know your customer (KYC), and things that have to happen to verify that bank information and then keeping that bank information up to date.

No
longer do buying organizations, as they do today, have to hold on to
supplier bank account information, if they are going to pay
electronically. That is a very big benefit, particularly in light of
what we’ve see in the news lately about certain companies having had
their data briefs and payment information, bank information stolen. So
this eliminates that risk by offloading the management of that bank
information into a trusted third-party like Discover whose business is
managing that information.

We have some value engineering models that can help customers, both
buyers and suppliers, understand how AribaPay can help their business.

Gardner:
Drew, looking to the future of maybe 12 months from now, the next Ariba LIVE or conference of note, what can we expect? Are there some added
services or more analysis and analytical benefits that you can draw?
Where do you expect this to go next?

Hofler:
Right now, AribaPay is going to be launched in the second quarter of
this year to general availability. It’s just the beginning. It’s first
being launched to the U.S. alone. The very next thing for us is
expanding that into other jurisdictions. So I would look for that, first
and foremost in the next year.

Gardner: Well,
great. I'm afraid we’ll have to leave it there. We've been talking about
how Arlington Computer Products has improved their financial processes
and operations using the new AribaPay cloud service. By examining an
early users experience like an ACP, we've seen how an integrated and
on-demand approach to ordering, billing, and settlement processes
benefits both the buyers and the sellers.

A big thank you then to our guest,
Arly Guenther, Chief Executive Officer at Arlington Computer Products.
Thank you so much, Arly.

Guenther: Thanks, Dana. Thanks, Drew.

Gardner: And we've also been joined by Drew Hofler, Manage Cash Solution Marketing Director at Ariba, an SAP company. Thank you, Drew.

Hofler: Thank you, Dana. It's my pleasure.

Gardner:
And also, a thanks to our audience for joining this special Podcast
coming to you from the recent 2014 Ariba LIVE Conference in Las Vegas.

I’m
Dana Gardner, Principal Analyst at Interarbor Solutions, your host
throughout this series of Ariba-sponsored BriefingsDirect discussions.
Thanks again, for listening and come back next time.

Transcript
of a BriefingsDirect podcast on how AribaPay is changing the face on
online billing and payments, benefiting both buyers and sellers.
Copyright Interarbor Solutions, LLC, 2005-2014. All rights reserved.

Dana Gardner: Hello, and welcome to a special BriefingsDirect podcast series coming to you from the recent 2014 Ariba LIVE Conference
in Las Vegas. We’re here the week of March 17 to explore the latest in
collaborative commerce, and to learn how innovative companies are tapping
into the networked economy.

Our
next thought leadership interview focuses on the future of business and
how companies can benefit from the new insight and analysis that
transparent business networks and processes allow.

The
power of data-driven business networks and the analytics derived from
them are increasing, but how do enterprises best leverage that
intelligence as they seek new services, products and efficiency? How
do automation and intelligence enter the picture for better matching
buyers and sellers?

To learn more about how business
-- led by procurement -- is changing and evolving, and how to best
exploit this new wave of innovation, please join me now in welcoming our
guests, Rachel Spasser, Senior Vice President and Chief Marketing Officer at Ariba, an SAP company. Welcome, Rachel.

Gardner: Rachel, I’m getting this impression that procurement
is really expanding, that it's growing up in a sense, not just a static
business transaction, but something that is dynamic, living, and growing. Am I off-base, or is there more to it?

Spasser:
You’re right on target, Dana. If you think about the history of
procurement, it really was a back-office function that was primarily
focused on cost savings in a very tactical way for most companies. As
we’ve seen that function evolve over the past 10 years, it has become
much more strategic in nature, and it has an impact on much more than
just cost savings for an enterprise.

As you can imagine, over the course of the past 10
years, there have been a lot of technological advances that have given
the procurement professionals the ability to move from manual processes
and manual tasks to automating those and therefore focusing on
higher-order opportunities to deliver value to the company.

Gardner: Of course, we’ve also seen more e–invoicing,
more of a digital trail, more data and information associated with
procurement, and the size of the network, more people on it, the more
information, and so we have a virtuous adoption benefit.

Are more and more people getting
involved with some of these newer technologies?

More getting involved

Spasser:
More people are getting involved. For the first couple of years, there
were a lot of people sitting on the sidelines, watching what was
happening and trying to understand how that could impact their
businesses.

Today,
people are embracing networks and embracing the opportunities that
networks bring, such as e-invoicing. Today, something like 70 percent of
companies are using e-invoicing in some capacity. That's a huge
improvement and growth over even just a few years ago.

Gardner:
Andrew, how are you viewing the maturation of procurement, and how do
you see it expanding in terms of its implications for a business?

Bartolini: I echo
Rachel’s sentiments. Over the past 15 years, we really have experienced a
procurement revolution, although at times it feels a little bit more
evolutionary in nature.

In 2006, the average
procurement organization, from our research, managed about 30 percent of
their total spend. A mere seven-and-a-half years later, that number has
doubled. So the average procurement organization is now influencing a
majority of their total enterprise spend. The best in class, the leaders
in the field, are now managing between 85-95 percent of total spend.

So procurement has risen in stature. There is now a chief procurement officer (CPO) or a single point of contact within a procurement operation at about 85 percent of organizations.

Procurement
has stepped out of the back office and into the front ranks, and
continues to gain in stature. As it gains in influence, it continues to
guide organizations in making smart decisions within the organization
and identifying the right business partners outside the organization.

Gardner: We’ve seen the role and impact of social and community, of community vetting of
processes, and people looking to their peers for trust and feedback. We
know that’s impacted a lot of things. Is this playing a role in
procurement as well? Is there a social factor here?

Spasser: There are plenty of opportunities in a couple of areas. First of all, from a risk-management
perspective, having more information -- information that's both
qualitative and quantitative -- is only going to help procurement
organizations make better decisions.

When you look at
the social and business networks, the community intelligence, and the
data and the insights that live within that network, all of a sudden
you’re providing infinitely more information and making the procurement
executives smarter, enabling them to make better business decisions, and
changing the nature of their game.

Instead of having to respond reactively to changes within the macro environment or within their supply chain,
you now have the ability to arm them with information that can make
them proactive in their decision making, and proactive in their approach
to finding new suppliers, managing existing suppliers, and that really
does change the game.

Fertile time

Gardner:
It strikes me that the transparency and the ability to qualify and
quantify have given us some really new and interesting services such as Dynamic Discounting, like the ability to create AribaPay, and also learn about innovation in the field. We have heard about MSC, where they’re pushing their ability to deliver inventory right
into their customer's environment. So, it’s a very fertile time for business procurement processes.

Any
thoughts about where the next level of analysis or insight will come?

Spasser:
Absolutely. Just going back to your comments on Dynamic Discounting and
AribaPay, when you look at procurement, both Andrew and I have talked
about it becoming a more strategic function.

When
procurement starts impacting the cash flow and the working-capital
management of companies through opportunities like Dynamic Discounting
or AribaPay, all of a sudden, it enters a completely different realm in
terms of its importance and in terms of the amount of respect and
inclusion that it gets sitting at the executive table within companies.

If you arm people with information, they have the ability to make better business decisions.

When
you talk about what’s next, there are lots of different directions in
which procurement can go with the information that they’re given. We
talked about risk management, but as companies are coming up with
corporate-responsibility mandates, whether that’s sustainability or
green or fair labor practices, they can be negatively impacted if they
don't truly understand every tier within their supply chain.

And we see this with companies like the Gap or Lululemon in the consumer packaged goods (CPG)
and retail space, where these companies have really suffered severe
brand damage as a result of having issues within tiers 2, 3, 4 and
beyond in their supply chain. That’s one example, but it's a powerful
example of how, if you arm people with information, they have the
ability to make better business decisions.

Whether
that’s a business decision related to offering a discount or whether
that’s a business decision about choosing to do business with a supplier
or not, based on what you know about them or their second and third
tier suppliers, all of this is really important and it's changing the
nature of procurement.

Gardner: You brought up governance, risk, and compliance (GRC). I had a very interesting discussion here at Ariba LIVE about InfoNet,
using that in association with the data from Ariba Network, and
reducing that risk by being able to predict using advanced algorithms
and very complex and powerful analytics platforms to see into the future
and predict when risks are unacceptable.

Let’s go to
Andrew now. You have had some recent findings. You’re saying that
procurement taps this intelligence, and things like InfoNet have
predictive abilities. What is the market telling you, and how far are we
into this? Have we just scratched the surface of analytics or are we
into the third inning?

Early in the game

Bartolini:
With the maturation of the procurement function, we’re still in the
early part of the ballgame. If you look at the leading procurement
organizations today, the characteristics of these best-in-class
organizations are process, discipline, an ability to execute, and
driving efficiencies and effectiveness.

What's now
prized within the larger enterprise and within procurement itself is the
ability to be agile and to drive innovation. This has effectively
pulled procurement further into the spotlight, as it really does serve
as a process hub within the organization and it really does serve as the
prime relationship point for third-party suppliers.

The
good news in all of this is that the technology that was introduced
also around the time that we started thinking about the procurement
revolution has finally started to catch up to the actual user needs,
from a usability standpoint, from an integration standpoint, from a
time-to-value standpoint.

We’re seeing organizations
now move from the initial adoption, where they are just trying to get
activity through their systems, to becoming more effective in their
usage of these systems and technology.

The skills that reside within the average procurement organization are
not where they need to be to be thought of as world class or operational
excellence.

When you look at the challenges
that a CPO faces, a lot of that is driven by the talent that resides
within the organization. Sometimes that's doing more with less. It’s
very hard for CPOs to get a new job requisition, even in very large
companies, it's a challenge to get that investment in procurement.

Also,
the skills that reside within the average procurement organization are
not where they need to be to be thought of as world class or operational
excellence.

Enter technology and automation. When you
look at the reams of data that sourcing and procurement activity
generate, the skills of the average procurement organization to go in
and analyze and find the right trends, whether that’s pricing trends or
identifying key risks, is still not where it needs to be. So, it’s early
stages there.

But with things like InfoNet and
business networks you’re starting to see the co-location of
transactional information, communication that supports those
transactions, and then an ability to analyze and make decisions based
upon that, all within one central location. That's a very powerful asset
for procurement.

Gardner: And not only in one location, but in a cloud
environment, where information from an entire industry can be brought
together with the proper anonymization, security, and privacy in place -- but then the insights can be global or scaled down to individual
organizations.

Opening up

Bartolini:
This is an area where enterprises are finally opening up. I worked in
this industry 15 years ago, and everything was very proprietary -- our
requirements on certain products or items or how much we were spending.

The
Internet has really opened it up. Information is at everyone's
fingertips. Organizations are starting to understand that there is value
that can be created by sharing information in an industry, and
particularly with trading partners.

From our research,
we’re seeing that organizations can invest in a business network today
and get a payback within a year, just based simply on transactional
efficiencies.

Where this gets more interesting is when
you start to introduce other social aspects. When you start to
introduce third-party specialists, who can offer services that add value
to all of the participants in a network, it becomes a very interesting
place to be. That’s why there's such interest and excitement around
business networks.

Leveraging specific skills will be more important, whether that's
through contingent workforce or through hiring to very specific skills.

Gardner:
It strikes me too that procurement is expanding its importance to
companies. When we think about some of the labor issues that many are
forecasting with the workforce of the future,
it’s going to be difficult to get a highly skilled full-time employee. Or you might
want to have them for a shorter period of time. So procurement becomes a
facet of hiring. It becomes a labor-acquisition process as well, and
then, of course, it goes to more services than just products or merchandise alone.

Rachel,
the question is how strategic do companies view this? Andrew says that
we need to get more competency and sophistication in procurement. Do
companies appreciate that this is really more and more a part of their
core assets strategy and a core competency?

Spasser:
Definitely. Even this morning, I was speaking with a number of CPOs who
talked about human resources as a key factor in whether they’re going to
be able to get to the next business level.

I would agree
wholeheartedly with Andrew that the skill set is going to be different
than it has been in the past. Leveraging specific skills will be more
important, whether that's through contingent workforce or through hiring
to very specific skill sets.

One of the interesting
things that we’re seeing is that, in a lot of companies, the procurement
function becomes a rotation within the executive ranks, as they’re
bringing people up and training them to be in higher levels of
management. We see many of our customers taking people who really don't
have a traditional procurement background and cycling them through the
procurement function.

In fact, SAP is doing that itself. Marcell Vollmer,
who has been a great advocate of Ariba, is not a procurement guy by
trade, but has really made a huge impact on SAP procurement because he
brings a different skill set. He brings that analytic background, and he
brings that general business and relationship management savvy.

Complex services

When
you look at the types of spend that companies are trying to attack
today, you’re looking at complex services and you’re looking at a
contingent workforce. Those take on a life of their own, because they
are very, very different than buying a physical good.

We
live in a service economy, and as that continues to evolve, it’s
going to become more and more important to procurement and to companies
as a whole.

Gardner: Andrew, thinking a little
bit toward the future, we’ve talked about procurement now having a
heightened role and a larger profile because of the analytics that are
being brought to bear: The wider purview across services, and the impact
with human resources, rather than just goods and materials and
facilities.

As we get to more of a digital economy, a networked economy,
like we’ve seen in consumer behavior, what do you see for companies
when it comes to this notion of a shared supply chain -- that we’re all
interdependent parts of a supply chain, and that we need to be thinking
about it differently? Where is the shift in thinking that needs to come,
and where does your crystal ball show you we’ll be in five years?

The consumer today really expects better, newer, and more innovative products in a rapid fashion and at a cheaper cost.

Bartolini:
The consumer today really expects better, newer, and more innovative
products in a rapid fashion and at cheaper cost. That's the world of
procurement.

If you’re a procurement professional and
your supply base looks much like it did 10 years ago, there are problems
on the horizon. If your supply chain and your supply base looks like it
does today come 10 years from now, there’s going to be questions as to the
viability of your company.

The speed of business is most visible in areas like consumer electronics. You see the leaders in smartphones
in one cycle are out of business five years later. This is happening in
other supply markets. It’s not as visible, and maybe it's not as fast,
but it is happening!

Organizations understand that the
window of opportunity to generate a premium on their products and
services has collapsed, and they’re increasingly relying on their supply
chains to support capitalizing on those opportunities. That really
creates a shift from net-sum negotiations to win-win negotiations. That
creates a shift from managing contracts and service-level agreements (SLAs),
to managing business outcomes. That really changes the view of a
supplier from an order taker to one that’s a key collaborator.

Gardner:
Rachel, thinking about
organizations wanting to do this better, maybe they listen to this
podcast or read this and they think, “I see procurement as more of a
core competency, having a greater impact on our company. If we need to
move at the speed of business going forward, we need to get better at
this.” How do you start? Any ideas about resources, methodologies, and
workshops? How do you get a new procurement competency process going in
your organization?

Spasser: One of the greatest
ways to learn is to learn from your peers. Conferences like Ariba LIVE
really provide that opportunity, because you get the best of the best,
and they’re sharing their true stories. And it's not just success.
They’re sharing their pitfalls too, and they are sharing how they
navigated through those to achieve the business outcomes that they
sought.

Talk to peers

There
are lots of books to read and experts to talk to, but I think that the
best way to learn is to talk to peers who have been through the same
process and who have candid feedback and candid advice to share.

Gardner:
Perhaps identifying leaders and influencers in your field and following
them on blogs or Twitter or other community-based and social-based
interactions?

Spasser: Absolutely. There are plenty of communities, whether they’re on LinkedIn or whether they’re proprietary, like Ariba Exchange,
and these discussions are happening everyday. I would encourage people
to seek those out, participate in them, go to events, and really learn
from those who are leading the way, because if they are not going to be
on the train quickly, they are going to find themselves left way behind
at the station.

The best way to learn is to talk to peers who have been through the same
process and who have candid feedback and candid advice to share.

Gardner:
Very good. We’ll have to leave it there. We’ve been exploring the
future of procurement and how this age-old business function benefits
from new insight and analysis that transparent business networks now
allow.

And we have seen the data-driven business
networks, and the analytics derived from them, are increasingly
important to businesses, and that procurement is growing in its role and
impact for companies worldwide.

Gardner: And we have been joined also by Andrew Bartolini, the Chief Research Officer at Ardent Partners. Thank you, Andrew.

Bartolini: Thanks, Dana.

Gardner:
And a big thank you to our audience for joining this special podcast,
coming to you from the recent 2014 Ariba LIVE Conference in Las Vegas.

I’m
Dana Gardner, Principal Analyst at Interarbor Solutions, your host
throughout this series of Ariba-sponsored BriefingsDirect discussions.
Thanks so much for listening, and come back next time.

Listen to the podcast. Find it on iTunes. Download the transcript. Sponsor: Ariba, an SAP company.Transcript
of a BriefingDirect podcast on how the face of business processes is changing,
becoming more of an integrated and strategic function built on shared data. Copyright Interarbor Solutions, LLC, 2005-2014. All rights reserved.